Can anyone suggest a reseller that sells SSL certificates, at a low cost? Preferrably SSL certificates by Geotrust (quickssl, quickssl premium, truebusinessid).

I know that tucows sells them, but their prices seem pretty high! Rackshack sells quickssl for $25, which seems cheap.

thanks,

mangohead

or go to someone like commodo direct ?

The rackshack on is a good deal. I had my cert installed in approx. 15 minutes and have not had any issues with it.

www.OmegaSphere.net ?

The rackshack Geotrust certs are best IMHO.

can't beat $25!

RS, haven't seen better prices anywhere else ...

RS :)

http://www.freessl.com

WHT thread:
http://www.webhostingtalk.com/showthread.php?s=&threadid=132120&highlight=freessl.com

But the freessl cert is now $35.

Rackshack's geotrust cert, bar none, is the best. I've also done comodo, and a few other issuers - none were as fast or as well priced as the RS offering.

-David

We purchased our SSL certificate from Comodo. Friendly customer service. If you're going to buy something, buy something good [not cheap].

Yes, we have purchased our SSL from RS and it's very good! Purchase from them ;)

Geotrust is so much more established and compatible than Comodo

We love Comodo and wouldn't switch to any others. When you manage as many certs as we do, you've got to go with the company that delivers the best support at the most reasonable price. So far, Comodo has been outstanding in every single area. I literally have nothing negative to say about them.

RS is the cheapest I've seen so far. GEo trust certs are good enough, not sure about comodo though but if u want the best, then go with verisign :)

http://certs.ipsca.com/ has free 6-month certs, but they bring up security warnings in netscape.

SSL certs are about trust. We use GlobalSign because they require all your cpmpany papers and a lot of varification. People can be sure therefore that we are real and we are who we say we are.

What good is it when your RS or whatever SSL is setup in 15 minutes? That only shows that I should not trust people carrying these certs, sorry.

I pay >100$ and my clients get a real insurance about the legality of my company and that is what it is all about.

Good point.

Can you buy the RackShack SSL Cert. even though you're not one of their customers?

Yes anyone can buy a RS cert. I would like to see more security checks to get a RS cert. Otherwise all the scammers will go there and eventually end that deal. But for $25 you can't beat. IF you are starting out it is a good option.

Thanks Rox for posting. I'll be sure to get one :)

you could even make you own for free jst not noted by a large company but jst as secure....

Can someone post the link for the RS SSL? I can't seem to locate it...

http://www.rackshack.net/english/quickssldetails.asp

What good is it when your RS or whatever SSL is setup in 15 minutes? That only shows that I should not trust people carrying these certs, sorry.

What's good is that a warning window does not pop up tellling the client that you might not be legit. 128 bit RSA encryption is 128 bit RSA encryption no matter how you slice it. And having to fax papers into a company does not make you any less likely to defraud someone. It's not as if they are the Government.

Originally posted by cwshost
you could even make you own for free jst not noted by a large company but jst as secure....

Do you mind me asking how?

Originally posted by StarGate
SSL certs are about trust. We use GlobalSign because they require all your cpmpany papers and a lot of varification. People can be sure therefore that we are real and we are who we say we are.

What good is it when your RS or whatever SSL is setup in 15 minutes? That only shows that I should not trust people carrying these certs, sorry.



SSL Certs are about encryption not trust. How many people even look at the actual cert and examine it before using that site? I'm sure 95 % of people just look for the lock if anything at all.

Originally posted by Woogs
SSL Certs are about encryption not trust. How many people even look at the actual cert and examine it before using that site? I'm sure 95 % of people just look for the lock if anything at all.

hmmmmm. don't get it!

Question 1) the browser clearly states that a self signed cert, even though untrusted DOES offer security as it encrypts everything. So why don't people simply use a self signed cert?

Question 2) if the browser manufacturers (including Netscape, the inventor of SSL itself) wanted SSL to simply offer security and not trust, why do they differentatiate with a warning message saying, even though the self signed cert is not trusted (hence differentiating trust) but does offer security through encryption (hence differentiating security). They could easily eliminate this warning of "saying Not trusted, but you still have security" and simply work with self signed certs and would not need CAs (but they have chosen not to do that, why?).

Question 3) Why do people want to see that padlock? Is it because all along SSL certs have only been issued to trusted people and therefore we have come to trust the padlock?

SSL is about security and trust. It is not about just removing the warning message.

Of course, over the years, there are a varied level of SSL being marketed to cater for different groups of customers.

As to whether if some people seeing the padlock is happy or would examine further, it is up to that person.

The QuickSSL is great but lacks that level of trust because there is no real authentication involved here. A phone verification but I could just enter any phone number which I have access to. I could register it for a domain name which is reputable like say MicrosoftSales.com and still be able to register for a QuickSSL without any issue.

But if you are talking about trust, Thawte and Verisign provides for the additional step of requiring you to submit all supporting documents before you get your SSL.

That is one additional level to secure those browsing your site who you claim to be.

Originally posted by eddy2099
SSL is about security and trust. It is not about just removing the warning message.

Of course, over the years, there are a varied level of SSL being marketed to cater for different groups of customers.

As to whether if some people seeing the padlock is happy or would examine further, it is up to that person.

The QuickSSL is great but lacks that level of trust because there is no real authentication involved here. A phone verification but I could just enter any phone number which I have access to. I could register it for a domain name which is reputable like say MicrosoftSales.com and still be able to register for a QuickSSL without any issue.

But if you are talking about trust, Thawte and Verisign provides for the additional step of requiring you to submit all supporting documents before you get your SSL.

That is one additional level to secure those browsing your site who you claim to be.

Well, if SSL is about both trust and security (as the browser manufacturers clearly support SSL being for both) how come some CAs are allowed to issue certs without offering the trust element?

If a CA does not offer the Trust element in a certificate, then what is their role? (since security could easily be provided by a self signed certificate)

Like I say, there are different level of trust here, thus the different products.

I use the SSL certs without the trust element for my control panel to my servers. I do not need the trust element because the server is mine and I am the only administrator. I can go self-signed but I do not like the popup.

Then there are web-sites which cater for an internal group such as an internal Intranet site or a website hosted on the net exclusively for internal purposes can go without the trust element because the site is already trusted. Some of the site development I am involved in are within this class, usually for internal seminars or administration.

Or if you are looking at small amount of payments, you could probably go by without the trust element.

It is up to you. But you never see banks or major corporation going with an untrusted SSL on their site, do you ? For them trust is important because their reputation is at stake.

Originally posted by eddy2099
Like I say, there are different level of trust here, thus the different products.

I use the SSL certs without the trust element for my control panel to my servers. I do not need the trust element because the server is mine and I am the only administrator. I can go self-signed but I do not like the popup.

Then there are web-sites which cater for an internal group such as an internal Intranet site or a website hosted on the net exclusively for internal purposes can go without the trust element because the site is already trusted. Some of the site development I am involved in are within this class, usually for internal seminars or administration.

Or if you are looking at small amount of payments, you could probably go by without the trust element.

It is up to you. But you never see banks or major corporation going with an untrusted SSL on their site, do you ? For them trust is important because their reputation is at stake.

I see. I understand your point about using SSL for security where trust is not needed.

However, before, I knew that any site who had an SSL had a trust element in it.
Now, I don't! Because I don't know whether the issuing CA has issued the cert with trust or not!

How is a user supposed know if the SSL is trusted or not?
Before, untrusted cert used to throw up a warning message. Now, because CAs issue certs without trust, you can't tell the difference!

What is the point of a CA issuing an SSL cert without trust?
What is the role of a CA?

Actually it is not an issue of whether the CA is trusted or not but whether the site can be trusted. The CA has to go through extensive levels of legal procedures to become a CA and thus at which time would be a trusted. The other way is that the browser development would have to establish a trust with the CA and thus that's why their Certificate does not throw out a warning as compared to a Self-signed certificate.

The issue now is the trust level you have with the site you are visiting. In doubt, always click on the little padlock and see if it trusted or not.